The PXE Server (pxesrv.exe) implements a TFTP server for allowing the
downloading of the bootstrap files (uploading is not allowed).
This service is vulnerable to a classical directory traversal and an
arbitrary path attacks which allow an attacker to download any file
from the local disks or the network shares.

---------------
B] NULL pointer
---------------

An incomplete TFTP request (anything which goes from the simple absence
of the option field to the usage of only the 2 bytes for the opcode)
causes the crashing of the PXE Server due to a NULL pointer access.